
Re: Hash salt (was Re: BCRYPT - Why not using it?)



On Wed, Apr 06, 2011 at 06:37:38PM -1000, Joel Roth wrote:
> So is the salt a fixed number of characters?

From system to system, it varies. On my Fedora 14 virtual machine, it's 16
characters. On Debian 6.0 stable, it's 8.

> Otherwise, how would a process know which portion of the
> string is the salt?

You can read the shadow(5) manual on your Debian system to learn about the
syntax of the password. However, I'll give you the rundown:

The password is separated by '$'. The part between the first and second '$'
tells the process what algorithm to use for the hash (MD5, SHA1, bcrypt, etc.).
Between the second and third '$' is the salt itself. After the third '$' is
the hash.

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

Attachment: signature.asc
Description: Digital signature
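
Added example (not part of the original message): a small parser for the '$'-separated password field described above, showing how a process finds the salt without knowing its length in advance. The function name, the scheme-id table and all sample values are constructed for illustration; it goes slightly beyond the message by also handling the optional SHA-crypt `rounds=` parameter and bcrypt, whose salt and hash are not separated by a '$'.

```python
# Added example: split a shadow(5) password field into scheme, salt and hash.
# Scheme ids below are the common crypt(3) identifiers; samples are constructed.
SCHEMES = {"1": "MD5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "SHA-256-crypt", "6": "SHA-512-crypt"}

def parse_crypt_field(field):
    """Return scheme, params, salt and hash for a '$id$salt$hash' field."""
    if not field.startswith("$"):
        # '*', '!', empty, or a legacy DES hash: no leading '$', nothing to split.
        return {"scheme": None, "params": None, "salt": None, "hash": None}
    parts = field.split("$")           # leading '$' yields an empty parts[0]
    if len(parts) < 4:
        raise ValueError("not in $id$salt$hash form: %r" % field)
    ident = parts[1]
    scheme = SCHEMES.get(ident, "unknown(%s)" % ident)
    if scheme == "bcrypt":
        # bcrypt: $2a$<cost>$ then 22 salt chars and 31 hash chars, unseparated.
        if len(parts) != 4 or len(parts[3]) != 53:
            raise ValueError("malformed bcrypt field")
        return {"scheme": scheme, "params": "cost=" + parts[2],
                "salt": parts[3][:22], "hash": parts[3][22:]}
    params, rest = None, parts[2:]
    if rest[0].startswith("rounds="):  # optional SHA-crypt parameter
        params, rest = rest[0], rest[1:]
    if len(rest) != 2:
        raise ValueError("expected salt and hash after scheme id")
    return {"scheme": scheme, "params": params, "salt": rest[0], "hash": rest[1]}

# Constructed sample fields (placeholder hashes, not real credentials).
SAMPLES = {
    "salt16": "$6$abcdefgh12345678$" + "x" * 86,
    "salt8": "$1$abcdefgh$" + "y" * 22,
    "rounds": "$6$rounds=5000$abcdefgh12345678$" + "x" * 86,
    "bcrypt": "$2a$10$" + "s" * 22 + "h" * 31,
    "locked": "*",
}

if __name__ == "__main__":
    for name, field in SAMPLES.items():
        info = parse_crypt_field(field)
        salt_len = len(info["salt"]) if info["salt"] else 0
        print(name, info["scheme"], info["params"], "salt length:", salt_len)
```

Because the delimiters mark where the salt ends, the 16-character and 8-character salts mentioned above are parsed by the same code.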

